HTTPS & SSL Сертификация

https-ssl-off

HTTPS & SSL Сертификация

Что такое SSL?

SSL означает Secure Socket Layer. Этот протокол обеспечивает защиты сежду клиентом и вашим сайтом. Если Ваш сайт и приложение защищено SSL сертификатом, это значит, что ни один хакер не сможет украсть пароли и номера карт оплаты.

Обратите внимание на современные сайты, которые имеют “https” подключение, значит у них используется SSL. Попробуем ввесть “https://vk.com” в браузере. Мы увидем рядом с доменом зеленый замок – это значит, что соединение защищено.

С 2017 года, Вы должны использовать этот протокол, так как Apple будет отвергать приложения без SSL, а в Google Chrome, Ваш сайт будет выглядеть как незащищенный и опасный для клиентов..

Initial Setup

First go into Backoffice > Settings > Advanced > Configuration

You will likely see this section, for now your HTTPS is disabled, and you have no issued certificates from let’s encrypt.

https-ssl-off

Let’s jump to the next step.

What do I need in order to setup & generate my SSL Certificates ?

If you have one of the supported Admin panels (Plesk 12+, cPanel, VestaCP, and DirectAdmin)

You will see that Let’s Encrypt API is set on staging* (test) by default, leave it on staging until every next step is working.

letsencrypt-staging

  1. Get your admin* username, password & hostname.
  2. Select your panel type in the list
    • select-panel-type
  3. Fill-in the required information
  4. Switch “Use HTTPS” to yes
    • switch-https-yes
  5. Then Save.
  6. After saving, you can proceed to the Certificate request, click on “Request”
    • request-certificate
  7. If the request is successful you should now see your certificate in the “Issued certificates” below
    • issued-certificates-panel
  8. After the following steps you are done, Siberian pushed your certificate to your Admin panel and will check periodically with the cron scheduler if your certificates needs to be renewed or re-generated, it’s also then synced with your Admin panel.
    • For the Platform Edition, every-time a new White Label domain is setup, the certificate will be updated to match with the new domain
  9. If all the previous steps were successful, you can now switch the Let’s Encrypt API to production, and hit the “Request” button a last time to get a production certificate.Important: when changing from Staging to Production, be sure to reload the page in HTTP and not in HTTPS: otherwise when generating the production you will get an error.
    • letsencrypt-staging

If you don’t have any of the supported Admin panel, please refer to the next section #setup-self-managed-server

*note: the admin account is generally required in order to use the API.

Setup self managed server

When setting up certificates from Siberian with a self-managed server (cf: without having an Admin Panel) please follow theses recommendations.

  1. First select “Unknown – Self-managed”
    • unknown-self-managed
  2. Switch “Use HTTPS” to yes
    • switch-https-yes
  3. Then Save
  4. After saving, you can proceed to the Certificate request, click on “Request”
    • request-certificate
  5. If the request is successful you should now see your certificate in the “Issued certificates” below
    • Information shown below are visible when toggling “info” you will likely require the two or three following paths to setup your virtual host (with apache or nginx)issued-certificates-managed
  6. Setup your web-server with your new certificate, some examples below:
    • Nginx: In your virtual host add the following lines
      [...] listen 443; ssl on; ssl_certificate /path/to/your/certificate/cert.pem; ssl_certificate_key /path/to/your/certificate/private.pem; [...]

      Apache: In your virtual host add the following lines

      [...] <VirtualHost *:443> SSLEngine on SSLCertificateFile /path/to/your/certificate/cert.pem SSLCertificateKeyFile /path/to/your/certificate/private.pem SSLCertificateChainFile /path/to/your/certificate/chain.pem [...]
  7. [Recommended] Next you will have to setup a root incron job , which will watch the certificate file “/path/to/your/certificate/cert.pem” changes to call your server to reload.
    1. For Debian, Ubuntu, etc…
      1. apt-get install incron
    2. For Fedora, Red Hat, CentOS, etc…
      1. yum install incron
    3. Setup your job “incrontab -u root -e” add the following line /path/to/your/certificate/cert.pem IN_MODIFY /usr/bin/reload-web-server.sh
      1. Example script for /usr/bin/reload-web-server.sh
        • #!/bin/bash service httpd reload
      2. Don’t forget to chmod +x /usr/bin/reload-web-server.sh the script
    4. Start the service “service incrond start” or “/etc/init.d/incrond start”
    5. Now each time your certificate is renewed or modified (cf: new domains registered) your web-server will be reloaded to serve the new file.

I already have my own certificates and want to use them !

Thus it’s not a recommend way to setup your Siberian SSL, you can setup your existing certificates by giving Siberian their path or by uploading them.

  • For the Platform Edition, every-time a new White Label domain is setup, you will have to renew your certificate by adding the new domains to the Subject Alternative Names of your certificate, otherwise your whitelabels won’t work with HTTPS.
  1. First you need to expand the upload section by clicking on the title or “+”
    • expand-upload
  2. You’ll then have access to this new form.
    • upload-form
      We highly recommend to provide existing paths to your certificates rather than uploading them manually, if you want to upload certificates jump to the next section #upload-my-certificates.You will have to fill in the main domain name in “hostname” and provide your certificates path.The certificates path must be the same already setup in your server virtual host, this way Siberian always have the latest certificate.
  3. Now click on upload and you’re done.

Upload my certificates

  1. Below you can see the upload form
    • want-to-upload
      In this form you also have to fill in the main domain name in “hostname”, but this time you have to upload your existing certificates files.
  2. You can now click on upload and you’re done.

Note: when uploading certificates rather than giving Siberian the path, you will have to upload them again each time they are renewed

0 Comments
    Leave a comment

    Вам понравились наши работы?

    В таком случае просим Вас заполнить специальную форму, и система сама дозвониться до Вас через специальный скрипт. Если у Вас есть какие-то пожелания или наметки, то можете писать на sales@yappix.ru

    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый:





    Отправить заявку на кредит в свободной форме



    Укажите свой E-mail:
    Укажите ваш сотовый:
    Укажите желаемую сумму (до 200 000 рублей):
    Повторите желаемую сумму (до 200 000 рублей):
    Что вы хотите заказать?


    Отправить заявку на кредит



    Укажите свой E-mail:
    Укажите ваш сотовый: